QwikSec

Security Database

CVE

CWE

Training

CVE-2019-15092

Published: Aug 23, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://hackpuntes.com/cve-2019-15092-wordpress-plugin-import-export-users-1-3-0-csv-injection/

x_refsource_MISC

https://wpvulndb.com/vulnerabilities/9704

x_refsource_MISC

http://packetstormsecurity.com/files/154203/WordPress-Import-Export-WordPress-Users-1.3.1-CSV-Injection.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.